...
| Code Block |
|---|
|
/interface bridge
add name=bridge1 vlan-filtering=no |
Untagged access with no VLAN filtering
In case VLAN filtering will not be used and access with untagged traffic is desired, the only requirement is to create an IP address on the bridge interface.
| Code Block |
|---|
|
/ip address
add address=192.168.99.1/24 interface=bridge1 |
Tagged access with no VLAN filtering
In case VLAN filtering is will not be used and access with tagged traffic is desired, create a routable VLAN interface on the bridge and add an IP address on the VLAN interface.
| Code Block |
|---|
|
/interface vlan
add interface=bridge1 name=MGMT vlan-id=99
/ip address
add address=192.168.99.1/24 interface=MGMT |
Tagged access with VLAN filtering
In case VLAN filtering is used and access from the trunk and/or access ports with tagged traffic is desired, additional steps are required. In this example VLAN99 , VLAN 99 will be used to access the device, a . A VLAN interface on the bridge must be created and an IP address must be assigned to it.
...
For example, if you want to allow access to the router/switch device from access ports ether3, ether4, and from trunk port sfp-sfpplus1 using tagged VLAN 99 traffic, then you must add this entry to the VLAN table. Note that the bridge1 interface is also included in the tagged port list:
| Code Block |
|---|
|
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether3,ether4,sfp-sfpplus1 vlan-ids=99 |
...
| Code Block |
|---|
|
/interface bridge set bridge1 vlan-filtering=yes |
Untagged access with VLAN filtering
In case VLAN filtering is used and access from trunk and/or access ports with with untagged traffic is desired, you need to allow untagged traffic to access the router/switch. Start by creating an IP address on the bridge interfacethe VLAN interface must use the same VLAN ID as the untagged port VLAN ID (pvid). Just like in the previous example, start by creating a VLAN interface on the bridge and add an IP address for the VLAN.
| Code Block |
|---|
|
/interface vlan
add interface=bridge1 name=MGMT vlan-id=99
/ip address
add address=192.168.8899.1/24 interface=bridge1 |
It is required to add VLAN 1 to ports from which you want to allow access to the router/switch, for example, to allow access from access ports ether3, ether4 add this entry to the VLAN table:
| Code Block |
|---|
|
/interface bridge vlan
add bridge=bridge1 untagged=ether3,ether4 vlan-ids=1 |
For example, untagged ports ether2 and ether3 should be able to communicate with the VLAN 99 interface using untagged traffic. In order to achieve this, these ports should be configured with the pvid that matches the VLAN ID on management VLAN. Note that the bridge1 interface is a tagged port member, you can configure additional tagged ports if necessary (see the previous example).Make sure that PVID on the bridge interface matches the PVID value on these ports:
| Code Block |
|---|
|
/interface bridge port
set bridge1[find interface=ether2] pvid=1 99
set [find interface=ether3] pvid=99
/interface bridge vlan
add bridge port=bridge1 tagged=bridge1 untagged=ether2,ether3 vlan-ids=99 |
After that you can enable VLAN filtering:
| Code Block |
|---|
|
/interface bridge set ether3bridge1 vlan-filtering=yes |
Changing untagged VLAN for the bridge interface
In case VLAN filtering is used, it is possible to change the untagged VLAN ID for the bridge interface using the pvid setting. Note that creating routable VLAN interfaces and allowing tagged traffic on the bridge is a more flexible and generally recommended option.
First, create an IP address on the bridge interface.
| Code Block |
|---|
|
/ip address
add address=192.168.99.1/24 interface=bridge1 |
For example, untagged bridge1 traffic should be able to communicate with untagged ether2 and ether3 ports and tagged sfp-sfpplus1 port in VLAN 99. In order to achieve this, bridge1, ether2, ether3 should be configured with the same pvid and sfp-sfpplus1 added as a tagged member.
| Code Block |
|---|
|
/interface bridge
set [find name=bridge1] pvid=99
/interface bridge port
set [find interface=ether2] pvid=99
set [find interface=ether3] pvid=99
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=bridge1,ether2,ether3 vlan-ids=99,ether4 pvid=1 |
After that you can enable VLAN filtering:
| Code Block |
|---|
|
/interface bridge set bridge1 vlan-filtering=yes |
...